CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

	ZDI-25-286: Dassault Systèmes eDrawings Viewer OBJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability Description: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst��mes eDrawings Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-1883. CVSS: HIGH (7.8) EPSS Score: 0.02% Source: Zero Day Initiative Published Advisories May 13th, 2025 (about 1 month ago)
CVE-2025-30400	Microsoft Windows DWM Core Library Use-After-Free Vulnerability Description: Microsoft Windows DWM Core Library contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally. CVSS: HIGH (7.8) EPSS Score: 4.24% Source: CISA KEV May 13th, 2025 (about 1 month ago)
CVE-2025-32701	Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability Description: Microsoft Windows Common Log File System (CLFS) Driver contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally. CVSS: HIGH (7.8) EPSS Score: 4.24% Source: CISA KEV May 13th, 2025 (about 1 month ago)
CVE-2025-32706	Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability Description: Microsoft Windows Common Log File System (CLFS) Driver contains a heap-based buffer overflow vulnerability that allows an authorized attacker to elevate privileges locally. CVSS: HIGH (7.8) EPSS Score: 10.51% Source: CISA KEV May 13th, 2025 (about 1 month ago)
CVE-2025-30397	Microsoft Windows Scripting Engine Type Confusion Vulnerability Description: Microsoft Windows Scripting Engine contains a type confusion vulnerability that allows an unauthorized attacker to execute code over a network via a specially crafted URL. CVSS: HIGH (7.5) EPSS Score: 30.91% Source: CISA KEV May 13th, 2025 (about 1 month ago)
CVE-2025-32709	Microsoft Windows Ancillary Function Driver for WinSock Use-After-Free Vulnerability Description: Microsoft Windows Ancillary Function Driver for WinSock contains a use-after-free vulnerability that allows an authorized attacker to escalate privileges to administrator. CVSS: HIGH (7.8) EPSS Score: 4.28% Source: CISA KEV May 13th, 2025 (about 1 month ago)
CVE-2025-32709	Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability 🚨 Marked as known exploited on May 13th, 2025 (about 1 month ago). Description: Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. CVSS: HIGH (7.8) EPSS Score: 4.28% Source: CVE May 13th, 2025 (about 1 month ago)
CVE-2025-32707	NTFS Elevation of Privilege Vulnerability Description: Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally. CVSS: HIGH (7.8) EPSS Score: 0.06% Source: CVE May 13th, 2025 (about 1 month ago)
CVE-2025-32706	Windows Common Log File System Driver Elevation of Privilege Vulnerability 🚨 Marked as known exploited on May 13th, 2025 (about 1 month ago). Description: Improper input validation in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. CVSS: HIGH (7.8) EPSS Score: 10.51% Source: CVE May 13th, 2025 (about 1 month ago)
CVE-2025-32705	Microsoft Outlook Remote Code Execution Vulnerability Description: Out-of-bounds read in Microsoft Office Outlook allows an unauthorized attacker to execute code locally. CVSS: HIGH (7.8) EPSS Score: 0.06% Source: CVE May 13th, 2025 (about 1 month ago)